[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Safe Key Generation

At 10:08 AM -0700 7/1/97, Bob Jueneman wrote:
>How many user key pairs do you know of that were generated on TCSEC-rated A1
>systems using FIPS 140-1 rated level 4 cryptographic implementations?  None,
>you say?  OK, how many key pairs do you know of that were at least generated
>on a C2 rated system, using a FIPS 140-1 level 1 rated crypto?  Again,
>virtually none, you say?

I am not sure I consider the rating of the system as important as its
history.  For example, if you generate a key on a Mac/Windows system which
has been freshly installed from manufacturer's CDROM on a freshly
initialized hard disk, I would feel much safer than with a C2 system (no
Trojan horse protection) which had been running connected to the global
internet for 6 months.

Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA